File name: VIP Proxy Shark 2020 v1.1 (Vip Pro Edition).rar

Full analysis: https://app.any.run/tasks/e420e199-5b9d-42d5-a22a-89485c6719a7
Verdict: Malicious activity
Analysis date: June 14, 2020, 20:57:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: CBAD9F91811E4F4F1100873114F32D54
SHA1: C07DAEB84CB3244BAAABE647B5FB5A41E2DDB49D
SHA256: 5FC21244202D0E8E2081F946EA852AECF49345B272B3DA655E45DA38444414DC
SSDEEP: 24576:OH1cDJCShRMik+w3KNnw5XRZy+g7S+AhA/wRNVrhkRncI9+N3O:OVc7RhwcnwPw+gm+bwdrWF9+4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
MALICIOUS
  • Actions looks like stealing of personal data
      VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe (PID: 2128)
  • Application was dropped or rewritten from another process
      VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe (PID: 2128)
SUSPICIOUS
  • Executable content was dropped or overwritten
      WinRAR.exe (PID: 856)
  • Reads Environment values
      VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe (PID: 2128)
INFO
  No info indicators.
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
All screenshots are available in the full report
Total processes: 34
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 1

Behavior graph

explorer.exe
  -> WinRAR.exe (PID 856)
     -> [drop and start] VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe (PID 2128)

Process information

PID 856
  CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\VIP Proxy Shark 2020 v1.1 (Vip Pro Edition).rar"
  Path: C:\Program Files\WinRAR\WinRAR.exe
  Parent process: explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: MEDIUM
  Description: WinRAR archiver
  Exit code: 0
  Version: 5.60.0
  Modules (images):
    c:\program files\winrar\winrar.exe
    c:\systemroot\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\comdlg32.dll

PID 2128
  CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa856.12669\VIP Proxy Shark 2020 v1.1 (Vip Pro Edition)\VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe"
  Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa856.12669\VIP Proxy Shark 2020 v1.1 (Vip Pro Edition)\VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe
  Parent process: WinRAR.exe
  User: admin
  Company: Pooria Sharaffodin www.ProxyShark.net - www.Babatools.net
  Integrity Level: MEDIUM
  Description: VIP Proxy Shark 2020 v1.1 (Vip Pro Edition)
  Exit code: 0
  Version: 1.1.0.0
  Modules (images):
    c:\users\admin\appdata\local\temp\rar$exa856.12669\vip proxy shark 2020 v1.1 (vip pro edition)\vip proxy shark 2020 v1.1 (vip pro edition.exe
    c:\systemroot\system32\ntdll.dll
    c:\windows\system32\mscoree.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
  Note: the path sits inside WinRAR's extraction temp folder Rar$EXa856.12669 (856 is WinRAR's PID), i.e. the binary was launched by opening it from inside the archive rather than after a deliberate extraction. mscoree.dll and mscoreei.dll (v4.0.30319) in the module list mean the sample is a .NET 4 assembly, so it can be decompiled directly without unpacking.
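The process tree above is the classic "archive tool drops and starts an executable" pattern: WinRAR (PID 856) writes the .exe into its Rar$EXa856.12669 temp folder and then spawns it. The following detection is an added example, not ANY.RUN's signature logic. It runs over process-creation events constructed to mirror the report's PID 2128 launch plus two hypothetical benign launches (Notepad opening readme.txt, and an installer run from Downloads) so the rule has something to ignore; the archiver list and the Rar$ path regex are this example's own assumptions.

```python
"""Flag an archiver starting an executable straight out of its extraction
temp folder (WinRAR's Rar$EXa<pid>.<n> directory in this report).

Added example; not ANY.RUN code. Event rows are constructed.
"""
import re
from dataclasses import dataclass
from typing import List


@dataclass
class ProcessStart:
    pid: int
    image: str
    command_line: str
    parent_image: str


# WinRAR extracts to %TEMP%\Rar$<letters><pid>.<n>\ before "opening" a file.
# In the report that folder is Rar$EXa856.12669, and 856 is WinRAR's own PID.
RAR_TEMP = re.compile(r"\\AppData\\Local\\Temp\\Rar\$[A-Za-z]+\d+\.\d+\\", re.I)

# Assumed archiver image names to treat as the suspicious parent.
ARCHIVERS = {"winrar.exe", "7zfm.exe", "7zg.exe", "winzip64.exe"}

# Image extensions that run as a process when double-clicked in the archiver.
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")


def basename(path: str) -> str:
    """Last path component, lower-cased, tolerant of either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_archive_spawned_executable(ev: ProcessStart) -> bool:
    """True when an archiver parent starts an executable whose image lives in
    the archiver's extraction temp folder, i.e. the user ran a binary from
    inside the archive instead of extracting it deliberately."""
    if basename(ev.parent_image) not in ARCHIVERS:
        return False
    if not ev.image.lower().endswith(EXECUTABLE_EXT):
        return False
    return bool(RAR_TEMP.search(ev.image))


def find_archive_spawns(events: List[ProcessStart]) -> List[int]:
    """PIDs of every event that matches the rule."""
    return [ev.pid for ev in events if is_archive_spawned_executable(ev)]


# Constructed sample: the first row mirrors the report's PID 2128; the other
# two are hypothetical benign launches not present in the report.
SAMPLE_EVENTS = [
    ProcessStart(
        2128,
        r"C:\Users\admin\AppData\Local\Temp\Rar$EXa856.12669\VIP Proxy Shark 2020 v1.1 (Vip Pro Edition)\VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe",
        r'"C:\Users\admin\AppData\Local\Temp\Rar$EXa856.12669\VIP Proxy Shark 2020 v1.1 (Vip Pro Edition)\VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe"',
        r"C:\Program Files\WinRAR\WinRAR.exe",
    ),
    # Hypothetical: WinRAR handing readme.txt to Notepad (a non-executable
    # lives in the temp folder, but the image being started is notepad.exe).
    ProcessStart(
        3004,
        r"C:\Windows\System32\notepad.exe",
        r'notepad.exe "C:\Users\admin\AppData\Local\Temp\Rar$EXa856.12669\readme.txt"',
        r"C:\Program Files\WinRAR\WinRAR.exe",
    ),
    # Hypothetical: an installer extracted to Downloads first and run from there.
    ProcessStart(
        3120,
        r"C:\Users\admin\Downloads\setup.exe",
        r'"C:\Users\admin\Downloads\setup.exe"',
        r"C:\Windows\explorer.exe",
    ),
]

if __name__ == "__main__":
    print(find_archive_spawns(SAMPLE_EVENTS))  # [2128]
```

The rule keys on the child's image path, not the command line, because the path is what the archiver controls; a Sysmon Event ID 1 or EDR process-start record gives both fields. Expect a handful of true positives per day from users launching legitimate installers this way, so route it to triage rather than blocking.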
Total events: 495
Read events: 453
Write events: 42
Delete events: 0

Modification events

PID 856 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | (empty)
PID 856 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | (empty)
PID 856 WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E | LanguageList | en-US
PID 856 WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E | @C:\Windows\system32\NetworkExplorer.dll,-1 | Network
PID 856 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\VIP Proxy Shark 2020 v1.1 (Vip Pro Edition).rar
PID 856 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
PID 856 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
PID 856 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
PID 856 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
PID 856 WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E | @C:\Windows\system32\notepad.exe,-469 | Text Document

All ten recorded registry writes belong to WinRAR itself (UI theme, column widths, MuiCache strings and the ArcHistory entry naming the opened archive); no registry modification is attributed to PID 2128, so nothing here indicates persistence. The ArcHistory value is a useful forensic artifact on a victim host: it records the archive path the user opened.
Executable files: 1
Suspicious files: 0
Text files: 2
Unknown types: 0

Dropped files

PID 2128 VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | text
  C:\Users\admin\AppData\Local\Temp\Rar$EXa856.12669\VIP Proxy Shark 2020 v1.1 (Vip Pro Edition)\tempFile.txt
  MD5: (empty in report)   SHA256: (empty in report)
PID 856 WinRAR.exe | executable
  C:\Users\admin\AppData\Local\Temp\Rar$EXa856.12669\VIP Proxy Shark 2020 v1.1 (Vip Pro Edition)\VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe
  MD5: 1A69D68A1FA02826A5C6BFFC7A36ADC3   SHA256: 123099DEBFBD528B1A6123171D6F63D18C3490902AF04F79B74C2F43F6014D30
PID 856 WinRAR.exe | text
  C:\Users\admin\AppData\Local\Temp\Rar$EXa856.12669\VIP Proxy Shark 2020 v1.1 (Vip Pro Edition)\readme.txt
  MD5: 1E4F305A06C819FFEACBDB24A94F45E2   SHA256: 3CF272FCCEEA61EEEE27E623700DB2810558483A1331BBB0EBCDD0A38EB1E63C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 153
TCP/UDP connections: 83
DNS requests: 4
Threats: 2

HTTP requests

PID | Process | Method | HTTP code | Destination IP:port | URL | CN | Type | Size | Reputation
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | GET | - | 1.0.177.127:8080 | http://vps261791.vps.ovh.ca/babaip/ | TH | - | - | unknown
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | GET | - | 1.10.188.132:8080 | http://vps261791.vps.ovh.ca/babaip/ | TH | - | - | suspicious
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | GET | 302 | 102.129.249.120:3128 | http://159.65.245.16/ | unknown | - | - | suspicious
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | GET | - | 101.4.136.34:8080 | http://vps261791.vps.ovh.ca/babaip/ | CN | - | - | suspicious
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | GET | 302 | 102.129.249.120:3128 | http://vps261791.vps.ovh.ca/babaip/ | unknown | - | - | suspicious
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | GET | - | 1.0.183.196:8080 | http://vps261791.vps.ovh.ca/babaip/ | TH | - | - | unknown
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | GET | 200 | 172.217.18.179:80 | http://www.vipsocks24.net/ | US | html | 57.9 Kb | whitelisted
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | GET | 200 | 172.217.18.179:80 | http://www.proxyserverlist24.top/2020/05/26-05-20-smtp-proxies-252.html | US | html | 60.1 Kb | whitelisted
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | GET | 200 | 172.217.18.179:80 | http://www.proxyserverlist24.top/2020/05/26-05-20-fast-proxy-server-list_98.html | US | html | 82.1 Kb | whitelisted
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | GET | 200 | 172.217.18.179:80 | http://www.proxyserverlist24.top/ | US | html | 66.4 Kb | whitelisted

Only 10 of the 153 recorded HTTP requests are listed here. Two patterns stand out. The sample first fetches public proxy-list pages (www.vipsocks24.net, www.proxyserverlist24.top, both served from the Google-hosted 172.217.18.179). It then issues the same GET for http://vps261791.vps.ovh.ca/babaip/ over and over, but the TCP peer is a different 8080 or 3128 endpoint each time and vps261791.vps.ovh.ca never appears in the DNS requests below: each request is being sent through a candidate proxy from the scraped lists, with the OVH host acting as the endpoint that answers. The 302 responses from 102.129.249.120:3128 show that at least one relay redirected rather than forwarded. Treat every one of those 8080/3128 peers as a third-party open proxy, not as infrastructure of the sample's author.

Connections

PID | Process | IP:port | Domain | ASN | CN | Reputation
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | 172.217.18.179:80 | www.vipsocks24.net | Google Inc. | US | whitelisted
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | 1.0.177.127:8080 | - | TOT Public Company Limited | TH | unknown
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | 1.0.183.196:8080 | - | TOT Public Company Limited | TH | unknown
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | 1.10.186.114:32577 | - | TOT Public Company Limited | TH | suspicious
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | 1.10.188.132:8080 | - | TOT Public Company Limited | TH | suspicious
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | 1.10.189.107:33376 | - | TOT Public Company Limited | TH | unknown
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | 144.217.240.24:443 | www.babatools.net | OVH SAS | CA | suspicious
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | 1.179.183.109:8080 | - | TOT Public Company Limited | TH | suspicious
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | 1.186.40.9:54754 | - | D-Vois Broadband Pvt Ltd | IN | suspicious
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | 1.199.31.41:9999 | - | No.31,Jin-rong Street | CN | unknown

Only 10 of the 83 recorded TCP/UDP connections are listed here. The single TLS connection, to www.babatools.net (144.217.240.24:443), matches the second domain in the binary's Company string and is the only contact with infrastructure tied to the sample's author; the remaining peers are residential and hosting addresses on typical proxy ports.

DNS requests

Domain | IP | Reputation
www.babatools.net | 144.217.240.24 | suspicious
www.babatools.com | 144.217.240.24 | unknown
www.vipsocks24.net | 172.217.18.179 | whitelisted
www.proxyserverlist24.top | 172.217.18.179 | whitelisted
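The HTTP and DNS tables together make the proxy-validation behaviour mechanical to spot: a request is going through a relay when the TCP peer is not an address the sandbox resolved for the URL's host. The script below is an added example, not ANY.RUN code; it transcribes the ten HTTP rows and four DNS answers from the report above as constructed input and applies that heuristic to separate direct fetches (the proxy-list pages) from relayed ones (the /babaip/ echo requests), then extracts the distinct relay endpoints as indicators. The minimum-relay threshold, the function names and the treatment of IP-literal URLs are this example's own choices. It only covers plain-HTTP rows like those on the page; HTTPS CONNECT tunnels and relays whose hostnames the sample resolved itself would need the PCAP.

```python
"""Separate relayed from direct HTTP requests in a sandbox log and pull out
the relay endpoints a proxy checker cycled through.

Added example; not ANY.RUN code. Input rows are transcribed from the report.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple
from urllib.parse import urlsplit

# Constructed from the report's "HTTP requests" table: (TCP peer, URL).
HTTP_REQUESTS: List[Tuple[str, str]] = [
    ("1.0.177.127:8080", "http://vps261791.vps.ovh.ca/babaip/"),
    ("1.10.188.132:8080", "http://vps261791.vps.ovh.ca/babaip/"),
    ("102.129.249.120:3128", "http://159.65.245.16/"),
    ("101.4.136.34:8080", "http://vps261791.vps.ovh.ca/babaip/"),
    ("102.129.249.120:3128", "http://vps261791.vps.ovh.ca/babaip/"),
    ("1.0.183.196:8080", "http://vps261791.vps.ovh.ca/babaip/"),
    ("172.217.18.179:80", "http://www.vipsocks24.net/"),
    ("172.217.18.179:80", "http://www.proxyserverlist24.top/2020/05/26-05-20-smtp-proxies-252.html"),
    ("172.217.18.179:80", "http://www.proxyserverlist24.top/2020/05/26-05-20-fast-proxy-server-list_98.html"),
    ("172.217.18.179:80", "http://www.proxyserverlist24.top/"),
]

# Constructed from the report's "DNS requests" table: name -> answers.
DNS_ANSWERS: Dict[str, Set[str]] = {
    "www.babatools.net": {"144.217.240.24"},
    "www.babatools.com": {"144.217.240.24"},
    "www.vipsocks24.net": {"172.217.18.179"},
    "www.proxyserverlist24.top": {"172.217.18.179"},
}


def is_relayed(peer: str, url: str, dns: Dict[str, Set[str]]) -> bool:
    """A plain-HTTP request went through a relay when the TCP peer is not an
    address the sandbox resolved for the URL's host. A URL that names an IP
    literal is direct only if the peer is that very IP."""
    host = urlsplit(url).hostname or ""
    peer_ip = peer.rsplit(":", 1)[0]
    if host == peer_ip:
        return False
    return peer_ip not in dns.get(host, set())


def relay_summary(requests, dns) -> Dict[str, Set[str]]:
    """URL -> set of distinct relay endpoints (ip:port) used to reach it."""
    relays: Dict[str, Set[str]] = defaultdict(set)
    for peer, url in requests:
        if is_relayed(peer, url, dns):
            relays[url].add(peer)
    return dict(relays)


def proxy_check_targets(requests, dns, min_relays: int = 3) -> List[str]:
    """URLs fetched through at least `min_relays` distinct relays: one fixed
    page hit through many proxies is the fingerprint of a proxy checker
    testing its candidate list, and that page is the checker's echo service."""
    return sorted(url for url, r in relay_summary(requests, dns).items()
                  if len(r) >= min_relays)


def relay_endpoints(requests, dns) -> List[str]:
    """Every distinct relay ip:port, i.e. the open-proxy IOC list to extract.
    These are third-party hosts, not the sample operator's infrastructure."""
    found: Set[str] = set()
    for endpoints in relay_summary(requests, dns).values():
        found |= endpoints
    return sorted(found)


if __name__ == "__main__":
    for url, endpoints in relay_summary(HTTP_REQUESTS, DNS_ANSWERS).items():
        print(f"{len(endpoints):2d} relays -> {url}")
    print("echo targets:", proxy_check_targets(HTTP_REQUESTS, DNS_ANSWERS))
    print("relay IOCs:", relay_endpoints(HTTP_REQUESTS, DNS_ANSWERS))
```

On the report's rows this yields one echo target (http://vps261791.vps.ovh.ca/babaip/, reached through five distinct relays) and five relay endpoints; the four Google-hosted proxy-list fetches are classified as direct because their peer matches the DNS answer. Block or sinkhole the echo target, and log rather than block the relays, since they are somebody else's misconfigured hosts.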

Threats

PID | Process | Class | Message
1040 | svchost.exe | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile
2128 | VIP Proxy Shark 2020 v1.1 (Vip Pro Edition.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain

Both alerts fire on the *.top TLD of www.proxyserverlist24.top; the DNS alert is attributed to svchost.exe (PID 1040) because the DNS Client service, not the sample, sends the query on Windows 7.